AVG-2505 log

Package	vivaldi
Status	Fixed
Severity	High
Type	multiple issues
Affected	4.3.2439.56-1
Fixed	4.3.2439.63-1
Current	7.1.3570.39-1 [extra]
Ticket	None
Created	Fri Oct 29 16:55:13 2021

Issue	Severity	Remote	Type	Description
CVE-2021-38002	High	Yes	Arbitrary code execution	A use after free security issue has been found in the Web Transport component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-37999	High	Yes	Insufficient validation	An insufficient data validation security issue has been found in the New Tab Page component of the Chromium browser engine before version 95.0.4638.69.
CVE-2021-37997	High	Yes	Arbitrary code execution	A use after free security issue has been found in the Sign-In component of the Chromium browser engine before version 95.0.4638.69.

Issue

Severity

Remote

Type

Description

CVE-2021-38002

High

Yes

Arbitrary code execution

A use after free security issue has been found in the Web Transport component of the Chromium browser engine before version 95.0.4638.69.

CVE-2021-37999

High

Yes

Insufficient validation

An insufficient data validation security issue has been found in the New Tab Page component of the Chromium browser engine before version 95.0.4638.69.

CVE-2021-37997

High

Yes

Arbitrary code execution

A use after free security issue has been found in the Sign-In component of the Chromium browser engine before version 95.0.4638.69.

References
https://vivaldi.com/blog/desktop/update-two-4-3/ https://vivaldi.com/blog/desktop/update-three-4-3/ https://chromium.googlesource.com/chromium/src/+log/94.0.4606.104..94.0.4606.114?pretty=fuller&n=10000

References

https://vivaldi.com/blog/desktop/update-two-4-3/
https://vivaldi.com/blog/desktop/update-three-4-3/
https://chromium.googlesource.com/chromium/src/+log/94.0.4606.104..94.0.4606.114?pretty=fuller&n=10000

Notes
Vivaldi version 4.3.2439.56 is based on Chromium version 94.0.4606.104, Vivaldi version 4.3.2439.63 is based on Chromium version 94.0.4606.114 according to the references.